Ask the Expert

Why can't I add a new child domain in AD?

I have established a root domain 'utic.net' and have it in an external trust with my NT4 production domain. My plan is to have the NT4 become a child domain (e.g. division1.utic.net). I have nine other divisions/domains to add to the root as child domains.

When testing the upgrade/migration in my setup, I added a BDC to the NT4 domain and then removed it to a standalone off the backbone. I promoted the BDC to a PDC and changed the domain name. With a Win2k box acting as router, I reconnected to the backbone with its own subnet.

I can ping both ways with the root AD domain. The upgrade to Win2k went fine. But when I tried to add this new domain into the AD as a child domain, this is where it failed. It finds the AD domain, I supply the logon ID/password/domain info, answer all the other prompts, and the upgrade begins. However, several minutes into the process I receive an error that 'binding to the server' the 'DC for the root domain' with the supplied credentials failed.

I have tried this with a fresh new NT domain PDC. I also tried rebuilding the AD domain from scratch with no success. I'm stumped. TechNet and other resources have failed to help me on this problem. Can you tell me where to look?

If I understand this correctly, what you end up with is two domains on the same network with the same NetBIOS name. You have the legacy NT 4.0 domain, which still exists on the backbone. Then you have the Win2k domain upgraded from the NT 4.0 domain BDC that is on its own subnet -- but that is then connected to the backbone so that you can reach the AD domain. When upgrading the NT 4.0 domain to an AD Win2000 domain you cannot change the NetBIOS name of the domain. Thus, you must have two domains with the same NetBIOS name on the same network. This could cause all sorts of issues.

If you want to test this theory, disconnect the upgraded Win2k network from the backbone. Build a new AD server to match what you have on the backbone. Put the new AD server in the isolated network with the upgraded Win2k machine. Now, create the trusts. I would imagine that this will work.

This was first published in August 2003
